CVE-2025-31412

Summary

CVE-2025-31412 is a Cross-site Scripting (XSS) vulnerability affecting JetProductGallery from version n/a through 2.1.22. This issue arises due to improper neutralization of user inputs during the generation of web pages in NotFound JetProductGallery. The vulnerability enables attackers to inject malicious scripts into a webpage and gain unauthorized access to user data or take control of the user's session. This can pose a significant risk, especially in environments where users may visit untrusted websites, potentially leading to data theft or other malicious activities. It is recommended that affected users upgrade to the latest version of JetProductGallery to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.